Pat-plone-modal and "Cross-Origin Request Blocked" errors

<a class="pat-plone-modal" data-pat-plone-modal="width: 75%; content: #page; title: ;" href="" target="_blank">
    <div class="col titel">Metallbauer (w/m)</div>

I'm trying to load a job advert with pat-plone-modal from a different domain than the host, but keep getting "Cross-Origin Request Blocked" errors.

So I tried to setHeaders within the update method of the viewlet

response.setHeader("Access-Control-Allow-Origin", "")
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, X-Range, Range, Content-Type, Accept, Access-Control-Allow-Headers")

The headers are shown as response headers in the network tab, but still no luck...
What am I missing?


Unfortunately, that's the other way around: that's your domain which must be allowed by the server.
So you can only do that if you do manage this server.

Thought it's about users security, so that I have to allow the request for the users browser.

Thanx for clearing that!

Can you explain why I'm able to access those resources via urllib or browser then?

That depends on the CORS policy defined by the server.
The server might accept regular visitor but forbid AJAX call (that's the case with
Similarly it could accept image src call, but not iframe call, etc.
Or you can decide to accept AJAX calls from but not any other domain.
You can configure whatever you want in the server vhost.

See if you need more details.

1 Like